Access a mapped drive outside home/lan network

[Checkmate]

So i have a pc in my house which i use a file server to and have folder in there that i need access to.

I can map a network drive if i'm connected to my network at home, but want to map a network drive in my office which is in a different location.

Also i can RDC to my file server, that is when i open port 3389. Tried it and it works.

Can anyone help me map the network drive outside my home network, do i need to open another port?

https://gyazo.com/f53b2f3389d723cab34acf42c2e8aa63

(let say my ip is 1.2.3.4)

Do i have to open a port then enter something like \\1.2.3.4:someportnumber\thefoldername


Preferably want to do this without using a VPN.

Thanks

 

[GokAy]

Yes, you can directly reach your shared folder from Windows Explorer as if you are home.

You have to forward port TCP 445 to 1.2.3.4's TCP 445
If you don't have a static IP, open a free account with DuckDNS on 1.2.3.4 (example, my-home-pc.duckdns.org
Now you should be able to reach your shared folder with:
\\my-home-pc.duckdns.org (or add shared folder as well)

Make sure you have password protected sharing turned on.

I will leave the safety aspect to others.

 

[Alejandro85]

There are a couple of options for doing that, but that involve either installing new software, opening more ports or relying on third party services. I can think of the following approaches:

• Open port 445 and expose the SMB server directly over internet (what GokAy said before basically). This is inmensely insecure, as the server service in Windows is only designed for local networking, and also forces to use your Windows credentials over internet.
• Use a FTP running on the file server, point it to the same shared folder (or potentially a different one), open port 21 and the configured passive ports and use a standard FTP client to access the files (even Windows Explorer serves as a rudimentary FTP client). This is of course a bit more limited than a SMB share, because it only allows file copy, but it doesn't introduce a critical security vulnerability on the server. Usage of this obsolete protocol is however still a bad thing because it's entirely plain-text, including passwords. FTPS mitigates that issue.
• Install a SSH server on the file server, open port 22 and use SFTP in the same way as FTP (maybe with a different client program, though). This gives the same flexibility of FTP, but with the increased security of a fully encrypted open protocol. It's also easier to route though firewall, as it only uses a single port and connection.
• Install a SSH server on the file server and use it to tunnel the SMB protocol on port 445. This gives you the full flexibility of native Windows shares, plus the inherent security of SSH, but it's a bit more cumbersome to use.
• Use a VPN. While you may not like it, it's a feasible solution to open a port just for that service and use it to tunnel the rest of the insecure SMB protocol. You can even rely on third-party services like Hamachi and remove the need for opening a port.
• Install a normal web server and use the WebDAV extension to access shared folders though port 80. Good thing is that Windows Explorer is capable of mapping a drive out of it natively, allowing a similar functionality of SMB, though much slower. It also allows any regular web browser to view and download files. Being also plain-text, it's terribly insecure though, so usage of HTTPS (and port 443) is a must.
• Use a third-party "cloud" storage and put the files there instead, so you can access them from both sides. It may or may not be practical, depending on how much data you have. It also comes with serious privacy implications if the data is important or confidential.

I personally have used SFTP on my home to reach my notebook from work. So far it had very few problems with this approach, but you may want to look into other options depending on how do you want to access your data and the knowledge of the possible users.

You have to forward port TCP 445 to 1.2.3.4's TCP 445
(...)
I will leave the safety aspect to others.

It's VERY INSECURE to do so. The built-in SMB server has never been designed to work over internet as it exposes details of your computer and network and was exploited numerous times. Exposing it to internet is just asking for troubles (and you'll find them pretty quickly in the wild )

 

[GokAy]

Alejandro85, wonderful post. Bookmarked! Thank you

I feel I need to investigate VPN for a home setting with or without a fixed IP.

How about..

Since OP is reaching a PC, perhaps add remote control software like TeamViewer etc. to the list of possibilities as well (if you won't need your files locally or if the files are large)?

 

[Alejandro85]

Thanks GokAy, glad it was useful.

I didn't considered any kind of remote access at all, but OP said he already managed to do RDP over internet, so he could use that too. Sure it's an option, depending on what they're going to do with the files and with the server.